H-ISAC TLP White Threat Bulletin: POC Exploit Available for the Recent Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability

H-ISAC TLP White Threat Bulletin: POC Exploit Available for the Recent Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability (CVE-2025-55680) 

In March 2024, a vulnerability in Microsoft Windows Cloud Files Minifilter driver, tracked as CVE-2025-55680 (CVSS score of 7.8), was initially discovered by Exodus Intelligence. This flaw was recently patched by Microsoft as part of their October 2025 Patch Tuesday.

Few weeks after the release of the patch, a Proof-of-Concept (PoC) was released for this vulnerability, making it more concerning.

Microsoft Windows Cloud Files Minifilter is a type of file system filter driver that acts as a proxy between applications and a cloud sync engine, managing files stored in the cloud. In March 2024, a vulnerability was discovered by Exodus Intelligence on this driver, tracked as CVE-2025-55680 (CVSS score of 7.8), and was recently patched by Microsoft as part of their October 2025 Patch Tuesday.

View the detailed report below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Special Bulletin
Senate Deal Reached to End Government Shutdown
Member
Guides/Reports
Strategies for Cyber Preparedness in Health Care
Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Guides/Reports
Cybersecurity and Risk Advisory Services
Standards/Guidelines
Become an AHA Preferred Cybersecurity and Risk Provider
Public